Brief Notes on my Installation of Cosign (the University of Michigan authentication system)

Please contact me or visit http://www.weblogin.org/ for more information.

00:43 < MulkaMocha> I have an announcement to make... I now have the umich weblogin system running on my own server, so when you login to mail or wolverine access, it will automatically log you in to my web server when you visit it
01:23 < MulkaMocha> so, whenever you want to login to a service that uses cosign, the service redirects you to a central server (weblogin.umich.edu in UofM's case) to which you give your username and password to
01:24 < MulkaMocha> then, behind the scenes that central server tells the individual service to allow the user access
01:24 < MulkaMocha> so, there is a global cookie for weblogin.umich.edu and a service cookie for each service you visit
01:25 < MulkaMocha> each time you visit a new service while logged in globally, that service checks the main server and automatically gives you a service cookie if you are already logged in globally
01:26 < MulkaMocha> then, of course, there is a global log out as well
01:27 < adlr> so, i log into webmail or whatever, so i have a webmail service cookie, and a global cookie
01:27 < adlr> then i go to your site, you redirect me to the login server
01:27 < adlr> the login server sees the global cookie, and redirects me back to you
01:27 < MulkaMocha> I think so
01:27 < adlr> and behind the scenes it says to you i'm logged in
01:27 < adlr> then you issue me a service cookie?
01:28 < adlr> ok
01:28 < MulkaMocha> yup
01:28 < MulkaMocha> of course, I don't have to worry about the details. They have it nicely packaged into an apache module
01:28 < adlr> aah

To use weblogin.umich.edu you must generate a private key for your server and send a certificate signing request to webmaster@umich.edu, unless of course you find another way to sign your certificate.

At first cosign wouldn't compile because it said it couldn't find a webserver. Specifically it couldn't find the binary "apxs". So, I had to go find it.

I tried including sys/param.h in mod_cosign.c and it fixed the above errors, but got new ones instead. One specific one was this, which didn't seem to cause a problem installing cosign in the end:

    *** Warning: Linking the shared library mod_cosign.la against the non-libtool
    *** objects mod_cosign.o connect.o cookiefs.o sparse.o ../../common/argcargv.o ../../common/fbase64.o ../../common/mkcookie.o ../../common/rate.o ../../version.o is not portable!

The configure command:

    ./configure --enable-apache2=/usr/sbin/apxs \
        --with-cosigncadir=/etc/httpd/conf/ssl.ca \
        --with-cosigncert=/etc/httpd/conf/ssl.ca/cosign.crt \
        --with-cosignkey=/etc/httpd/conf/ssl.key/server.key \
        --with-cosignhost=weblogin.umich.edu \
        --with-cosignlogouturl=https://weblogin.umich.edu/cgi-bin/logout

What I had to do special to get Cosign working with my server

Here's some info about my setup:

    Fedora Core 3
    Apache 2.0.52
    weblogin.umich.edu

Had to install openssl to get c_rehash. I installed version 0.9.7a.

It is impossible to use name-based virtual hosting on https. You must use IP-based. I was sad about that, but I got over it. You can however run name-based virtual hosting on the non-secure parts of your server.
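
The login flow from the chat log at the top of these notes (one global cookie at the central server, one service cookie per site, a behind-the-scenes check, a global logout), as an added Python example that is not part of the original notes and is not cosign's code or wire protocol. The class and method names, the in-memory cookie store and the dict used as a browser cookie jar are assumptions made for illustration.

```python
import secrets
# Simplified model of the flow in the chat; all names here are assumptions.

class LoginServer:
    """Toy stand-in for the central server (weblogin.umich.edu's role)."""
    def __init__(self, users):
        self.users = users       # username -> password, constructed sample data
        self.sessions = {}       # global cookie -> username
        self.issued = {}         # (service, service cookie) -> global cookie

    def login(self, username, password):
        """Browser submits credentials to the central server only."""
        expected = self.users.get(username)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = username
        return cookie

    def register(self, service, global_cookie):
        """Browser arrives by redirect; a valid global cookie yields a service cookie."""
        if global_cookie not in self.sessions:
            return None          # not logged in globally: user must log in first
        cookie = secrets.token_urlsafe(16)
        self.issued[(service, cookie)] = global_cookie
        return cookie

    def check(self, service, service_cookie):
        """Back channel: the service asks who, if anyone, owns this cookie."""
        return self.sessions.get(self.issued.get((service, service_cookie)))

    def logout(self, global_cookie):
        """Global logout: every service cookie tied to it stops validating."""
        self.sessions.pop(global_cookie, None)

class Service:
    """Toy protected site; it never sees the password."""
    def __init__(self, name, login_server):
        self.name, self.login_server = name, login_server

    def visit(self, browser):
        """browser is a dict used as a cookie jar, keyed by site name."""
        user = self.login_server.check(self.name, browser.get(self.name))
        if user is None:         # no valid service cookie: bounce via central server
            cookie = self.login_server.register(self.name, browser.get("weblogin"))
            if cookie is None:
                return "redirect to login page"
            browser[self.name] = cookie
            user = self.login_server.check(self.name, cookie)
        return f"hello {user}"
```

Service cookies are bound to one service name, so a cookie issued for one site does not validate at another, and removing the global session makes every dependent service cookie fail its next check.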